10 Steps to Windows Infrastructure Automation Nirvana

I’m not going to dive into explaining what each of the features does. So, if you’re not familiar with any of them, or why I’ve included them here, please research them at your convenience. Whatever you discover, please be sure to read more than one source, so as to minimize the chances of being “kool-aided” with a biased viewpoint.

Many of these suggestions have been around for a long, long, long time now. At least by IT time reference. So don’t assume that I’m claiming these to be “brand new” or anything. I’ve employed these in lab and production environments many times and they can save you a ton of repetitive effort and frustration.

Note: The items with (*) indicate that you can skip these if you have other products in place to provide this capability. For example, System Center Operations Manager, or System Center Configuration Manager.

While this is automatic for domain-based Windows Server 2012 machines, it is not enabled by default for older versions, nor is it enabled by default for Windows desktop operating systems, even Windows 10.

In addition to populating the Start menu, it can be helpful (optional, of course) to add shortcuts to the desktop on servers for things like:

Restart (shutdown.exe /r /t 0)

Shut Down (shutdown.exe /s /t 0)

Log Off (logoff.exe)

Leverage AD Group Hierarchy Security

This goes without saying, but a LOT of environments still don’t do this. Instead of adding individual user accounts into the local Administrators group on each server, create a set of groups based on server roles or organizational services, whichever suits your environment best. Add those groups to the local Administrators group using a Group Policy Object. Then, when personnel changes occur, you can modify one group and update access on all of the servers at once. This holds true for managing end-user devices as well.
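
To see where individual accounts still sit directly in the local Administrators group, a check like the following can be run before moving to GPO-managed groups. This is an added example, not part of the original post; it assumes PowerShell remoting is reachable on the servers, the LocalAccounts module (Windows PowerShell 5.1) is present, and the server names are constructed placeholders.

```powershell
# Added example: list user accounts that are direct members of the local
# Administrators group, so they can be replaced by role-based AD groups.
$Servers = @('SRV-APP01', 'SRV-SQL01')   # constructed sample names, replace with your own

function Get-DirectAdminAccount {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    Invoke-Command -ComputerName $ComputerName -ScriptBlock {
        # Resolve the group by its well-known SID so the check also works
        # on installs where the group name is localized.
        $group = Get-LocalGroup -SID 'S-1-5-32-544'
        Get-LocalGroupMember -Group $group | ForEach-Object {
            [pscustomobject]@{
                Member      = $_.Name
                ObjectClass = [string]$_.ObjectClass       # 'User' or 'Group'
                Source      = [string]$_.PrincipalSource   # e.g. 'Local', 'ActiveDirectory'
                Sid         = $_.SID.Value
            }
        }
    } |
    # Keep individual accounts only; groups are what the GPO should manage.
    # Accounts with RID 500 (built-in Administrator) are skipped.
    Where-Object { $_.ObjectClass -eq 'User' -and $_.Sid -notmatch '-500$' } |
    Select-Object PSComputerName, Member, Source, Sid
}

Get-DirectAdminAccount -ComputerName $Servers |
    Sort-Object PSComputerName, Member |
    Format-Table -AutoSize
```

Any row in the output is an account that would need per-server cleanup when personnel change, which is the situation the group-based approach avoids.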

Enable NIC teaming for Windows Server 2012 R2 (and later) to create an abstraction layer for services and applications. Even if you only have one NIC, you can use this to hide the physical NIC from consuming services. This allows you to swap NICs, if needed, without reconfiguring services. This can be done from the command line or in Server Manager as well.